What's in the Release Notes

What's New

Elastic vDCs: Allocation Pool model vDCs that can span multiple clusters within a vCenter server allow more flexibility while
efficiently using infrastructure resources as a tenant's compute needs grow over time.

Change to the Allocation Pool model in 5.1.1 enables administrators to work around the maximum number of virtual machines on an
organization VDC caused by the vCPU to MHz mapping parameter. This limit can now be worked around by setting a low vCPU to MHz mapping without CPU limiting virtual machines in the organization VDC.

VXLAN: Using VXLAN, administrators can create multi-tenant L2/L3 networks that are faster to provision and require less reliance on physical network gear.

Storage classes: Administrators can create multiple classes of storage capacity within the same provider/Org VDC thereby using their storage more effectively. vCloud Director can now leverage Storage DRS (with vSphere 5.1) for VMs provisioned through vCloud Director.

Enhanced Org vDC creation workflow: Networking elements such as Edge Gateway creation, external networks connectivity, internal network creation, and 3rd party L4-7 networking and security services for the vDC can now be configured through the main Org vDC
creation workflow, enabling customers to create Org vDCs complete with compute, storage, networking and security in less than 10 minutes.

Networking Improvements: Each Org vDC is connected to the outside world through an Edge Gateway device, which supports self-service by the tenant, can have up to 10 network interfaces, supports multiple subnets on interfaces, can be configured in multiple
sizes, supports High Availability in an active-passive configuration, supports DNS relay, enhanced Load Balancing, Firewall, and VPN. For information on using multiple subnets,
see Configuring Multiple Subnets on External Networks.

Integrated L4-7 networking and security solutions from 3rd party vendors: Using the vCloud Ecosystem Framework, customers can integrate 3rd
party L4-7 networking and security services in their Org vDC. Such 3rd party solutions are available from selected vendors through the VMware
Ready for Networking and Security program. This feature allows customers to leverage their existing technology investments in 3rd party vendors
while leveraging automation and agility benefits of an integrated solution.

General Issues

vCloud Director 5.1 Appliance deployment Considerations
The vCloud Director 5.1 Appliance can be deployed with either the embedded database or an external Oracle or Microsoft SQL Server Database. For a list of supported databases,
go to the VMware Product Interoperability Matrix and select
VMware vCloud Director from the Product drop-down menu.

The vCloud Director Appliance is targeted for use in proof of concept deployments with a single vCloud Director cell and up to two vCenter
Servers, 100 deployed virtual machines, and ten users. For more information on deploying the vCloud Director Appliance, see the
vCloud Director Evaluator's Guide.

Only system administrators receive email alerts regarding VPN tunnel status by default
In vCloud Director 1.5, the default notification setting for VPN tunnel status was to send email notifications to organization administrators. In
vCloud Director 5.1 and 5.1.1, the default setting sends email notifications only to those users set to receive organization email alerts, which by default
includes only system administrators.

Workaround: Change the email notification settings for the organization.

OVF template creation and media upload operations sometimes fail on organization vDCs backed by datastore clusters
Sometimes, when you attempt to upload media or create an OVF template on an organization that is backed by a datastore cluster, the operation
fails. This occurs when the datastore cluster threshold has been exceeded. In the case of OVF template creation, the error message that displays is misleading,
as it states that "The operation failed because no suitable resource was found."

Predefined Roles and Rights list in the documentation is incomplete
The Predefined Roles and Their Rights table in the vCloud Director Administrator's Guide is missing some of the available rights.
The following list indicated which predefined roles have these rights by default.

Organization: Edit Federation Settings

System Administrator

Organization Administrator

Organization VDC: Set Storage Profile

System Administrator

Organization Administrator

Organization VDC Network: Edit Properties

System Administrator

Organization Administrator

Organization VDC Network: View Properties

System Administrator

Organization Administrator

Gateway: Configure Services

System Administrator

Organization Administrator

Disk: Change Owner

System Administrator

Organization Administrator

Catalog Author

vApp Author

Disk: Create a Disk

System Administrator

Organization Administrator

Catalog Author

vApp Author

Disk: Delete a Disk

System Administrator

Organization Administrator

Catalog Author

vApp Author

Disk: Edit Disk Properties

System Administrator

Organization Administrator

Catalog Author

vApp Author

Disk: View Disk Properties

System Administrator

Organization Administrator

Catalog Author

vApp Author

vApp User

Installation and Upgrade Issues

Fixed the issue of insufficient virtual machine CPU for Allocation Pool VDCs that occurred after upgrading vCloud Director from 1.5 to 5.1
If you deployed, updated, or undeployed virtual machines on an Allocation Pool VDC after upgrading from vCloud Director 1.5 to vCloud Director 5.1,
those Allocation Pool VDCs might have insufficient CPU resources. This issue has been fixed in the 5.1.1 release. To ensure that the fix is
applied to your existing Allocation Pool VDCs after upgrading to vCloud Director 5.1.1, either deploy, undeploy, or update a virtual machine
into each Allocation Pool VDC or make a trivial modification to the vCPU parameter for each Allocation Pool VDC (for example, by incrementing or
decrementing the value by 1 MHz).

Upgrades from vCloud Director 5.1 to vCloud Director 5.1.1 where no virtual machines were provisioned into Allocation Pool VDCs after upgrade
from 1.5 to 5.1 but before the upgrade to 5.1.1 are unaffected. Upgrades from vCloud Director 1.5 to vCloud Director 5.1.1 are unaffected.
Further information on the Allocation Pool allocation model in vCloud Director 5.1.1, see the VMware knowledge base.

vShield Installation Procedure in the documentation is incorrect
The vShield Installation Procedure table in the vCloud Director Installation and Upgrade Guide is incorrect.

VMRC plug-in installation path in 64-bit Firefox
In 64-bit Firefox, the default installation path is /usr/lib64/mozilla/plugins. When you install the VMRC plug-in at the defaul path,
the vCloud Director Web Console cannot open the plug-in. When asked to customize the installation, specify /usr/lib/mozilla/plugins as the path.

Failed to upgrade agent error message when upgrading ESX/ESXi
When completing the Upgrade each ESX/ESXi host step of the Upgrade vCenter, ESX/ESXi Hosts, and vShield Edge Appliances
procedure in the vCloud Director Installation and Upgrade Guide, you may see error messages of the form:
Failed to upgrade the agent on host "hostname". Consult the agent logs.
Failures occurred during prepare of host "hostname."
Cannot complete login due to an incorrect user name or password.

Workaround: A system administrator must complete the following steps.

Unprepare the host. Ignore the warnings that this operation generates.

Upgrading vShield Edge from 5.0 to 5.1 or 5.1.1 through vShield Manager requires an update of associated Edge Gateways in vCloud Director
After upgrading vShield Edge from 5.0 to 5.1 or 5.1.1 through the vShield Manager interface, reconfigure services for each associated Edge Gateway in vCloud Director.
Failing to reconfigure services results in the vCloud Director firewall service blocking the data path.

Localization Issues

ja_JP locales and Oracle
If you want to use a ja_JP locale for your vCloud Director cells and you want to use an Oracle database, you must use Oracle 11g R2
(11.2.0.1 or later) and make sure that you do not set "JA16SJISTILDE" as the NLS_CHARACTERSET.

In languages other than English, object lists can be filtered only by columns that contain user-generated content
Description: When using vCloud Director in languages other than English, the filter function on object lists works only when you filter using columns that contain user-generated content, such as Name or vApp Name.

Networking Issues

If a vApp has a fenced network and is powered on, virtual machiness or virtual machine NICs that are added to the vApp may not have network connectivity
If a vApp has a fenced network and is powered on, and NAT type is port forwarding and IP Masquerade is enabled, virtual machines or virtual
machine NICs that are added to the vApp will not have network connectivity.

Workaround: Disable and re-enable IP Masquerade on the fenced network or stop and start the vApp.

Unable to ping the vShield Edge internal interface after upgrading vShield Edge from 5.0 to 5.1 or 5.1.1 in vCloud Director
After upgrading vShield Edge from 5.0 to 5.1 5.1.1 through vCloud Director, you can no longer ping the vShield Edge internal interface from a virtual
machine connected to the internal network.

Workaround: Manually add the following rule to to allow ICMP traffic to the internal IP of vShield Edge.ANY -> VSE-Internal-IP ICMP ALLOW

Partial failure when deleting VPN tunnel on an upgraded system
An attempt to delete a VPN tunnel on an upgraded system partially fails with the error Edge gateway null does not exist. Deletion of the local
tunnel configuration completes successfully, but the tunnel is not removed from the peer gateway.

Workaround: Delete the tunnel configuration from the peer gateway. This action completes deletion of the VPN tunnel and removes the error.

vCloud Director sometimes shows an incorrect functional status for a VXLAN network pool
In some cases, vCloud Director sometimes incorrectly displays a nonfunctional VXLAN network pool as being having a functional (green) status. In such
cases, the Repair option is available when you right-click the VXLAN network pool.

If you see a Repair option available for a VXLAN network pool, repair the network pool to make it functional.

Merge provider vDC operations do not work if the provider vDCs have VXLAN network pools in different states
To merge two provider vDCs with VXLAN network pools, the VXLAN network pools on both provider vDCs must be in the same state. If one provider vDC has a functional (green) VXLAN network pool and the
other has a non-functional (red) VXLAN network pool, the two provider vDCs cannot be merged.

NAT services on an Edge Gateway cannot be enabled or disabled through the vCloud Director Web Console
You cannot use the vCloud Director Web Console to enable or disable a NAT service in an Edge Gateway.

Workaround: Use the REST API to enable or disable a NAT service in an Edge Gateway. For more information about using the REST API, see the vCloud API Programming Guide.

IP Scope displays incorrectly for multiple subnets
In the vCloud Director Web Console, direct Org VDC networks and vApp networks directly connected to them show only a single IP Scope in the Network Specification page even if the provider network has more than one IP scope.

Workaround: Use the REST API to retrieve an XML representation of the OrgVdcNetwork or VappNetwork. All IP scopes are listed in the IpScopes element of the response. For more information about using the REST API, see the vCloud API Programming Guide.

Edge Gateway uplinks display only a single subnet when there are multiple subnets
In the vCloud Director Web Console, Edge Gateway uplinks show only a single subnet in "External IP Allocations" even if the external network to which the uplink connects has more than one IP scope.

Workaround: IP allocations assigned to external interfaces can be viewed from the Edge Gateway properties page on the Configure IP settings tab. IP allocations assigned for services can be viewed from Edge Gateway services tab.

Virtual Machine and vApp Issues

Running VMs quota is not updated when changing the ownership of a running vApp
When an administrator changes the ownership of a running vApp to a user, the user's Running VMs quota does not update to include the new vApp.

Workaround: Restart the vApp to update the user's Running VMs quota.

vApp creation operations are limited for vApps using storage profiles on vSphere 5.0 U1 or earlier
When vCloud Director is backed by vSphere 5.0 U1 or earlier, vApp creation operations, including creating, copying, moving, and importing vApps, are limited to eight operations per cell for vApps using
storage profiles. vApp creation operations that exceed this limit are placed in a queue to begin as previously running operations are completed.

The OK button on the Edit vApp Properties dialog box might be unavailable when running vCloud Director on Windows XP or Linux
When you edit the starting or stopping virtual machine settings on the Edit vApp Properties dialog box, the OK button might become unavailable
if you are running vCloud Director on Windows XP or Linux systems.

Workaround: Click anywhere on the dialog box outside the field you are editing.

Attempting to load media to a virtual machine from a datastore inaccessible by the virtual machine's host fails
When you try to load media to a virtual machine and the media exists on a datastore that is not accessible to the host the virtual machine is on, the operation fails.

Workaround: Load the media to a datastore that is accessible to the virtual machine's host or make the datatstore the media is on accessible to the virtual machine's host.

Storage profiles must be enabled to add or import virtual machines with storage profiles other than * (Any)
When storage profiles are not enabled on the cluster associated with a provider VDC, adding or importing a virtual machine with a storage profile
other than * (Any) fails with an error message. To fix this issue, enable storage profiles on the cluster and retry the add or import operation.
See Enable Virtual Machine Storage Profiles
in the vSphere Client in the vSphere storage documentation.

Failed virtual machine deletion upon vApp expiration when using vSphere 5.0 with independent disks
When you use vCloud Director 5.1 or 5.1.1 with vSphere 5.0, virtual machines configured with independent disks are not deleted properly upon vApp expiration. Instead, those virtual machines become stranded and the attached disks become unusable.

Workaround: To remove the stranded virtual machine and detatch the independent disk, take the following steps.

In vCenter Server, power on and power off the virtual machine.

In vCloud Director, delete the virtual machine from the stranded items list.

If you delete the virtual machine without first powering it on and off in vCenter Server, vCenter Server will not release the independent disk and the disk will remain unusable.

vCloud API Issues

API Compatibility
vCloud Director 5.1 and 5.1.1 support vCloud API version 1.5 and 5.1. vCloud API 1.5 clients can work with a
vCloud Director 5.1 or 5.1.1 server with few or no modifications. Known incompatibilities are summarized in this section.

Note: If you use a combination of vCloud API 1.5 and 5.1 clients on a single installation of vCloud Director, operations by both types of clients
might fail in unpredictable ways, especially where those operations create, retrieve, update, or delete objects that are new or changed in vCloud
Director 5.1. The vCloud API schema reference includes a summary of changes to the schemas in vCloud Director 5.1.

When a vCloud API 1.5 client creates a Provider vDC on a vCloud API 5.1 or 5.1.1 server, the VMWProviderVdc object returned in the response body contains references to all datastores that are accessible from the
resource pool referenced in the request, regardless of which datastores are referenced in the request.

In vCloud Director 5.1 or 5.1.1, NetworkPool objects are associated with OrgVdc objects. When a vCloud API 1.5 client creates a routed or isolated OrgNetwork on a vCloud API 5.1 or 5.1.1 server, the request fails
unless it specifies a NetworkPool that is associated with an organization vDC in the containing organization.

Requests from a vCloud API version 1.5 client to delete an organization vDC might fail if the vDC contains an Edge Gateway. To correct
this problem, delete all routed or isolated organization vDC networks in the organization vDC and retry the operation.

Requests from a vCloud API version 1.5 client to create a routed or isolated organization vDC network might fail if no vDCs in the organization
are provisioned with a network pool. To correct this problem, create at least one organization vDC that includes a network pool and retry the operation.

Rate limits are not supported with certain port group configurations
You cannot set a rate limit on an external network that is backed by a standard switch port group. If you use the REST API to set an InRateLimit
or OutRateLimit in a GatewayInterface element of an EdgeGateway, the resulting task fails if the GatewayInterface is a reference to an
external network that is backed by a standard switch port group, or a dynamic or ephemeral port group.

API login with SAML assertion fails as Unauthorized
If a system administrator logs in to the REST API using a SAML assertion after the cell is idle for over 10 minutes, or before any system
administrator logs in to the vCloud Director Web Console, the login fails with an HTTP status of Unauthorized (401).

Workaround: Retry the request without org="System" in the Authorization header.

The response to the query /api/query?type=adminAllocatedExternalAddress&format=records contains an invalid value
The response to the query.../api/query?type=adminAllocatedExternalAddress&format=records
contains an invalid value for the org attribute. The value is that of the organization vDC that contains the network, rather than that of the organization itself.

Workaround: Obtain a valid reference to the organization.

Replace the org part of the value with vdc.

Use the new value as the URL for a GET request.

Examine the response. It contains a Link element where rel="up". The value of the href attribute of this link is a reference to the organization
that contains the vDC, and is the correct value for the org attribute of the query response.

Updating OrgGuestPersonalizationSettings sets the Organization's CanPublishCatalogs element to false
If you use the REST API to update the OrgGuestPersonalizationSettings of an organization (PUT /admin/org/{id}/settings/guestPersonalizationSettings),
the update also resets the value of the organization's CanPublishCatalogs element to false.

Add links missing from some extension services elements
The following Link elements are not returned in a ResourceClass body, but are valid when used.

vCloud API 1.5 client might fail to create a routed organization network with certain NAT rules
Requests from a vCloud API 1.5 client to create an organization network that includes a NatService that supports IP
masquerading by setting NatType to portForwarding and Policy to allowTraffic, as shown in this example, fail with an internal server error. <NatService>
<IsEnabled>false</IsEnabled>
<NatType>portForwarding</NatType>
<Policy>allowTraffic</Policy>
</NatService>

Workaround: Complete the following steps.

Create the network with NatService:Policy set to allowTrafic.

Change the network value of NatService:Policy to allowTrafficIn.

Set the network value of AllowedExternalIpAddresses to the IP address of the Edge Gateway to which the network connects.

Creating a routed vApp network with default firewall settings using the REST API results in incorrect charging for the service by vCenter Chargeback Manager
When you create a routed vApp network using the vCloud Director REST API without specifying whether to enable firewall on the network, the firewall
service is enabled on the network by default, but does not get charged correctly for vCenter Chargeback Manager.

Workaround: When you create a routed vApp network using the vCloud Director REST API, be sure to specify whether to enable firewall on the
network. If you have a previously created vApp network that isn't getting charged correctly, disable and re-enable firewall on the network.

Task progress does not display correctly in the REST API
While a task is running, a <Progress> element appears in the GET task response regardless of whether the task reports progress.
For tasks reporting progress, the progress value appears correctly. For tasks not reporting progress, the value is set to 0 until the task reaches completion.